Veeam and IBM have released security updates to address critical vulnerabilities affecting their products that could allow for remote code execution (RCE). These security flaws pose a significant risk to organizations that rely on these systems for data protection.
Critical Vulnerability in Veeam Backup & Replication
Veeam has issued an update to resolve a critical vulnerability in its Backup & Replication software, affecting version 12.x of the platform. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10, placing it in the critical range. The flaw allows an attacker with authenticated access to execute code remotely on the backup server, compromising the security of the system and of the backups it holds.
The researcher Piotr Bazydlo of watchTowr discovered the vulnerability, which stems from inconsistent handling of deserialization in Veeam Backup. This lack of control allows an attacker to reach deserialization gadgets that are not covered by the existing protections, facilitating remote code execution. In particular, the attacker could use classes that the deserializer still permits to process malicious data and execute unauthorized code.
The vulnerability affects installations of Veeam Backup & Replication joined to a domain, so any domain user could exploit it. Although the update addresses the flaw by adding the affected gadgets to the block list, Veeam recommends placing its components in a separate management domain in Active Directory and protecting administrative accounts with two-factor authentication for added defense.
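The difference between the block-list approach described above and an allow list is easiest to see in a deserializer you can run. The following is an added illustration written for this article, not Veeam's code and not the mechanism of the patched component; it uses Python's pickle as a stand-in for the .NET deserializer, with a constructed `BackupJob` record type, a constructed deny list (`BLOCKED_GLOBALS`) and a constructed allow list (`ALLOWED_GLOBALS`). The point it shows: a deny list only stops entries someone already thought of, while an allow list refuses every global that was not explicitly approved.

```python
import io
import pickle
from dataclasses import dataclass


# Constructed record type: the only object the service legitimately expects.
@dataclass
class BackupJob:
    name: str
    retention_days: int


# Constructed allow list: the only globals the deserializer may resolve.
ALLOWED_GLOBALS = {(BackupJob.__module__, BackupJob.__qualname__)}

# Constructed deny list: a block list of entries already known to be harmful.
BLOCKED_GLOBALS = {("builtins", "eval"), ("builtins", "exec")}


class AllowListUnpickler(pickle.Unpickler):
    """Resolve a global only if it is explicitly listed; refuse everything else."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not on the allow list")


class BlockListUnpickler(pickle.Unpickler):
    """Refuse only the globals on the deny list; anything unknown is resolved."""

    def find_class(self, module, name):
        if (module, name) in BLOCKED_GLOBALS:
            raise pickle.UnpicklingError(f"global {module}.{name} is blocked")
        return super().find_class(module, name)


def _load(unpickler_cls, data: bytes):
    """Return ("ok", obj) or ("rejected", reason) for a serialized blob."""
    try:
        return "ok", unpickler_cls(io.BytesIO(data)).load()
    except pickle.UnpicklingError as exc:
        return "rejected", str(exc)


def load_with_allow_list(data: bytes):
    return _load(AllowListUnpickler, data)


def load_with_block_list(data: bytes):
    return _load(BlockListUnpickler, data)


def sample_blobs():
    """Constructed inputs: a legitimate job and a blob that references a
    global (builtins.print) which is harmless but was never approved."""
    return {
        "job": pickle.dumps(BackupJob("nightly", 30)),
        "unlisted_global": pickle.dumps(print),
    }


if __name__ == "__main__":
    for label, blob in sample_blobs().items():
        print(label, "allow-list:", load_with_allow_list(blob)[0],
              "block-list:", load_with_block_list(blob)[0])
```

Running it shows the legitimate job loading under both policies, while the unlisted global passes the block list (it was never added to the deny list) and is rejected by the allow list. That gap is exactly what a block-list fix has to keep closing each time a new reachable class is found.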
Security Recommendations for Veeam
- Apply update 12.3.1: It is crucial to update to version 12.3.1 (build 12.3.1.1139), which contains the fix for this vulnerability.
- Use two-factor authentication: Ensure that administrative accounts are protected with multifactor authentication.
- Review Active Directory configurations: Place Veeam servers in an isolated management domain to limit exposure to potential attacks.
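To act on the first recommendation across a fleet, an administrator needs to compare each installed build against the fixed build named in the advisory. The script below is an added example, not a Veeam tool: the fixed build `12.3.1.1139` and the affected branch `12.x` come from this article, while the host inventory is constructed and `installed_build` would in practice be filled from each server's own version information. It compares builds as numeric tuples rather than as strings, since a string comparison would wrongly rank `12.3.1.999` above `12.3.1.1139`.

```python
FIXED_BUILD = "12.3.1.1139"   # fixed build stated in the advisory
AFFECTED_MAJOR = 12           # the advisory names version 12.x as affected


def parse_build(text: str) -> tuple:
    """Turn '12.3.1.1139' into (12, 3, 1, 1139), padding short strings with zeros."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a numeric dotted build string: {text!r}")
    numbers = [int(p) for p in parts]
    return tuple(numbers + [0] * (4 - len(numbers)))[:4]


def assess(installed_build: str) -> str:
    """Classify one installed build relative to the fixed build."""
    build = parse_build(installed_build)
    if build[0] != AFFECTED_MAJOR:
        return "outside-affected-branch"
    if build >= parse_build(FIXED_BUILD):
        return "patched"
    return "needs-update"


def report(inventory: dict) -> dict:
    """Map host name -> status for an inventory of {host: build string}."""
    return {host: assess(build) for host, build in inventory.items()}


# Constructed inventory for demonstration; real values come from each server.
SAMPLE_INVENTORY = {
    "vbr-01": "12.3.1.1139",
    "vbr-02": "12.3.0.310",
    "vbr-03": "12.3.1.999",
    "vbr-04": "12.3.1.1140",
    "vbr-legacy": "11.0.1.1261",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:14} {status}")
```

Hosts reported as `needs-update` are the ones to schedule first; `outside-affected-branch` only means the build is not in the 12.x range this advisory covers, not that it is free of other issues.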
Vulnerabilities in IBM AIX
IBM has also released security updates for its AIX operating system, affecting versions 7.2 and 7.3. The identified vulnerabilities are CVE-2024-56346 and CVE-2024-56347, both with CVSS scores close to 10.0, indicating critical severity.
- CVE-2024-56346: An improper access control vulnerability that could allow a remote attacker to execute arbitrary commands through AIX's NIM nimesis service.
- CVE-2024-56347: Another improper access control vulnerability that could allow arbitrary command execution through the SSL/TLS protection mechanism of AIX's nimsh service.
Although no active exploitation of these vulnerabilities has been reported, AIX users are urged to apply the necessary patches promptly to mitigate the risk of future attacks.
Impact and Recommendations for AIX
- Upgrade to the latest AIX versions: Apply the security updates provided by IBM to protect AIX systems against remote command execution.
- Monitor remote access: Ensure that strict access policies are implemented and regularly review access logs for any potential attempts to exploit these vulnerabilities.
Conclusion
The vulnerabilities in Veeam Backup & Replication and IBM AIX underscore the need to keep systems updated and to strengthen security measures on critical platforms. RCE vulnerabilities, particularly those reachable without authentication, are a prime target for cybercriminals and can compromise not only data integrity but also the stability of companies' IT infrastructures.
It is imperative that organizations follow best security practices, apply timely updates, and strengthen their systems with robust authentication measures to protect against attacks exploiting these flaws.